/* 判断字符串（URL字符串）中是否包含特殊字符（攻击sql注入字符或关键字）*/
let isSqlAttack = [
    "and ","or ","exec ","execute ","insert ","select ","delete ","update ","alter ","create ","drop ",
    " count","\\*","chr"," char"," asc","mid"," substring","master","truncate ","declare ",
    "xp_cmdshell","restore","backup","net +user","net +localgroup +administrators","%",
    "netlocalgroup administrators","net user","like '","table ","from ","grant ","use ",
    "column_name"," group_concat","information_schema.columns ","table_schema","union ","where ",
    "order ","by ","join ","modify ","\\+","\\-","--"," into"," substr","ascii","'","%27","\\(","%28","\\)",
    "%29","%25","having","like'"
]; 
	
/* 判断字符串（URL字符串）中是否包含特殊字符（攻击js字符或关键字）*/
let isJSAttack = [
    "~","`","!","@","\\#","\\$","%","\\^","&","\\*","\\(","\\)","_","\\+","=","\\[","\\]","\\{","\\}","\\|","\\\\"
    ,":",";","\\\"","'","<",">","\\?","/",
    "~","·","！","@","\\#","￥","%","……","&","\\*","（","）","\\+","【","】",
    "\\|","：","；","‘","’","“","”","、","《","》","？","、",
    "\r","\n","\t","\f","\b","\"","\'","javascript","script","function","jscript","vbscript","onfocus"
    ,"onblur","alert","location","document","window","onclick","href","<!--","--","->","/\\\\\\*","\\\\\\*/","/\\*","/\\\\*",
    "onfocus","confirm","prompt","()","//","onerror","/*","data:","\u003e","\u003c","eval","url","expr",
    "URLUnencoded","referrer","write","writeln","body.innerHtml","execScript","setInterval","setTimeout",
    "open","navigate","srcdoc","%0a","</",
    "%2a","%2b","%2B","%2d","%2F","%3F","%20","%22","%23","%25","%26","%27","%28","%29","%30",
    "\u007e","\u0060","\u0021","\u0040","\u0023","\u0024","\u0025","\u005e","\u0026","\\\u002a","\\\u0028","\\\u0029","\u005f","\\\u002b",
    "\u003d","\\\u007b","\u007d","\u007c","\\\u005b","\u005d","\\u005c","\u003a","\\u0022","\u003c","\u003e","\\\u003f","\u003b",
    "\u0027","\u002f","\u00b7","\uff01","\uffe5","\u2026","\uff08","\uff09","\u2014","\u3010","\u3011","\u3001",
    "\uff1a","\u201c","\u300a","\u300b","\uff1f","\uff1b","\u2018"
]; 
	
/* 判断字符串（URL字符串）中是否包含特殊字符（攻击html字符或关键字）*/
let isHtmlAttack = [
    "iframe","body","form","base","img","src","style","div","object","meta","link","input",
    "comment","br","&nbsp;","&quot;","&amp;","&#x27;","&#x2F;","&lt;","&gt;","&AElig;","&Aacute;",
    "&Acirc;","&Agrave;","&Aring;","&Atilde;","&Auml;","&Ccedil;","&ETH;","&Eacute;","&Ecirc;",
    "&Egrave;","&Euml;","&Iacute;","&Icirc;","&Igrave;","&Iuml;","&Ntilde;","&Oacute;","&Ocirc;",
    "&Ograve;","&Oslash;","&Otilde;","&Ouml;","&THORN;","&Uacute;","&Ucirc;","&Ugrave;","&Uuml;",
    "&Yacute;","&aacute;","&acirc;","&aelig;","&agrave;","&aring;","&atilde;","&auml;","&ccedil;",
    "&eacute;","&ecirc;","&egrave;","&eth;","&euml;","&iacute;","&icirc;","&igrave;","&iuml;","&ntilde;",
    "&oacute;","&ocirc;","&ograve;","&oslash;","&otilde;","&ouml;","&szlig;","&thorn;","&uacute;",
    "&ucirc;","&ugrave;","&uuml;","&yacute;","&yuml;","&cent;","\"","&","&#39"
]; 

let attachArr = [...isSqlAttack, ...isJSAttack, ...isHtmlAttack];

export function filterData (res) {
    let str = '';
    let type = Object.prototype.toString.call(res);
    if (type == '[object Array]' || type == '[object Object]') {
        str = JSON.stringify(res);
    } else {
        str = new String(res);
    } 
    let oldStr = str;
    for (let i = 0; i < attachArr.length; i++) {
        str = str.replace(new RegExp(attachArr[i], 'g'), '');
    }
    return str.length === oldStr.length ? false : true;
}
